Google warned Iranian users to change their Gmail passwords and take other precautionary measures to ensure the integrity of their Google products after the security systems of DigiNotar, a company that provides SSL certificates, were hacked.
DigiNotar, a Dutch subsidiary of Data Security International Inc., issues certificates that guarantee the security of the interchange between a website and a user’s browser. The hacking of DigiNotar in mid-July resulted in the release of 531 fraudulent security certificates for companies such as Microsoft, Google, Yahoo, Skype, Facebook and Twitter across 344 domains.
According to a report by FOX-IT, an independent firm hired by DigiNotar to investigate its security breach, a fraudulent .google.com security certificate was not revoked by DigiNotar until August 29. The certificate in question was issued on July 10. Between August 4 and August 29, 300,000 IP addresses requested access to that fraudulent Google security certificate, over 99% of which were from Iran.
In a September 8 blog post, Google pledged to contact affected users. The post also outlined five security precautions such as changing passwords, verifying account recovery options and ensuring the correctness of any email forwarding. Although the attack appeared not to affect the Google Chrome browser because of a security setting, Google suggested the precautionary measures wholesale to all users of its products in Iran.
Because the IP addresses that were rendered vulnerable to the fake google.com security certificate were almost entirely in Iran, speculation has been widespread that the Iranian government was responsible for the hacking. Meanwhile, a hacker by the name ComodoHacker, who hacked into a reseller for CA Comodo earlier this summer, has claimed responsibility for the DigiNotar attack. The hacker’s statement of responsibility targeted the Dutch government for its alleged involvement in killing Muslims in Serbia.